Operations Security

Anonymous
timer Asked: Feb 3rd, 2019
account_balance_wallet $5

Question Description

First Case Assignment

The following scenario is based on an actual attack deconstructed at a seminar I attended earlier this year. The names and locations have been removed to preserve the privacy of the organization in question.

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc.

The generic logins were not subject to lock out due to incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department allowing it spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

  • Suggest one or more policies that would help mitigate against attacks similar to this attack
  • Suggest one or more controls to support each policy
  • Identify each of the controls as physical, administrative, or technical and preventative, detective, or corrective.
  • Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget
  • Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.
  • Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy
  • 3-5 pages in length.
  • APA format.. citations, references etc...

Tutor Answer

MarcusJ
School: UCLA

Attached.

Running Head: POLICIES TO HELP IN MITIGATING RANSOMWARE ATTACKS

Policies to help in Mitigating Ransomware Attacks

Student’s name
Institution’s name

1

POLICIES TO HELP IN MITIGATING RANSOMWARE ATTACKS

2

Policies to help in Mitigating Ransomware Attacks
Introduction
In this technologically advanced age, it is crucial to report that cybercrime has
increased at an alarming rate and the most common being the ransomware attacks. A
significant number of organizations have suffered the attack which has been affiliated with
numerous losses. As a protective methodology, there has been the need for developing and
adopting measures that are ensuring the vulnerabilities paving the way to threats are dealt
with accordingly (Saleem, 2018). In correlation, No-Internal-Controls, LLC has suffered a
similar attack, and the company has chosen me as the CISO and tasked me with the role of
developing some substantial policies that will see attacks of such kind remain to be history.
Therefore, this paper will majorly explore the policies that the company should adopt to
upgrade its security such that a ransomware attack will not be experienced in the future.
...

flag Report DMCA
Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didnt specify. Got a B+ which is believable and acceptable.

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors